Open Closed

Implementing Microsoft.Graph in ABP App #2666


User avatar
0
AMacaulayAtETV created
  • ABP Framework version: v5.1.4
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no

We are attempting to incorporate support for calling Microsoft Graph APIs in our ABP application, using the Microsoft.Graph package. We've already successfully implemented authentication using Azure AD accounts according to the directions in this post: https://community.abp.io/posts/how-to-use-the-azure-active-directory-authentication-for-mvc-razor-page-applications-4603b9cf (we used the second approach, using AddMicrosoftIdentityWebApp).

However, when attempting to add lines to set up the Microsoft Graph client, login with Azure AD no longer works (when Azure AD is selected as the login option, the login page reloads without logging in). Here is the code for our ConfigureAuthentication function in the BlazorModule.cs file:

private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
    {
        context.Services.AddAuthentication()
            .AddJwtBearer(options =>
            {
                options.Authority = configuration["AuthServer:Authority"];
                options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
                options.Audience = "Link";
            })
            .AddMicrosoftIdentityWebApp(configuration.GetSection("AzureAd"))
            // Login only succeeds when these three lines are commented out:
            .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "Group.ReadWrite.All", "User.ReadBasic.All" })
            .AddMicrosoftGraph(configuration.GetSection("Graph"))
            .AddInMemoryTokenCaches();

        context.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.Authority = configuration["AzureAd:Instance"] + configuration["AzureAd:TenantId"] + "/v2.0/";
            options.ClientId = configuration["AzureAd:ClientId"];
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.CallbackPath = configuration["AzureAd:CallbackPath"];
            options.ClientSecret = configuration["AzureAd:ClientSecret"];
            options.RequireHttpsMetadata = false;
            options.SaveTokens = false;
            options.GetClaimsFromUserInfoEndpoint = true;

            options.SignInScheme = IdentityConstants.ExternalScheme;

            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        });
    }

The "Graph" section of appsettings.json consists of the following:

"Graph": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": [ "Group.ReadWrite.All", "User.ReadBasic.All" ]
  }

What would be the correct way to implement the Microsoft.Graph package into our ABP app?


9 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try this without abp first. add it to abp when it success.

  • User Avatar
    0
    AMacaulayAtETV created

    I already got it working in a test Blazor server app. However, in ABP, logins using OpenIdConnect stop going through after adding these three lines of code to initialize the Graph client component:

    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "Group.ReadWrite.All", "User.ReadBasic.All" })
    .AddMicrosoftGraph(configuration.GetSection("Graph"))
    .AddInMemoryTokenCaches();
    

    When they're commented out, OpenIdConnect logins start working again.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Please try to use different scheme.

    The default scheme of AddMicrosoftIdentityWebApp is OpenIdConnectDefaults.AuthenticationScheme

    https://github.com/AzureAD/microsoft-identity-web/blob/0e8a08d8c55edf3aec695a809d189d2ac4b770d9/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs#L42

  • User Avatar
    0
    AMacaulayAtETV created

    Passing in a different value for authentication scheme didn't help.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Can you check the logs?

  • User Avatar
    0
    AMacaulayAtETV created

    Where are those?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Your project Logs/logs.txt

  • User Avatar
    0
    AMacaulayAtETV created

    Here's a link. I deleted what was there so it'd start with a fresh log. This should show starting the web app, going to the login screen, then trying to connect through the OpenIdConnect button. As stated before, it immediately returned to the login screen without logging in.

    https://etvsoftware0-my.sharepoint.com/:t:/g/personal/amacaulay_etvsoftware_com/EUoNySMvi3JMuxiigE3srscBjxAWdubySgty938AFHqvVw?e=athe4I

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you prepare a simpleproject to reproduce the problem? Include steps. Thanks.

    liming.ma@volosoft.com

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11